LinuxQuestions.org

"Linux Developers Step Up to the Secure Boot Challenge" (https://www.linuxquestions.org/questions/linux-general-1/linux-developers-step-up-to-the-secure-boot-challenge-4175417476/)

brianL 07-20-2012 05:42 PM

Well, as long as that is all there is to it, OK. But this tiny paranoid streak in me suspects a hidden agenda.

sundialsvcs 07-23-2012 09:43 PM

It's really not a "hidden agenda," as long as the technology (a) actually works, as verified by peer-review; and (b) can be used by other operating systems.

We have a genuine business need, when constructing "trustworthy" computing environments, to be able to control the entire software environment, including the built-in (flash...) ROM software.

NyteOwl 07-24-2012 02:47 PM

Given Microsoft's past behaviour one could make a case for a "hidden agenda".

1) back UEFI (done)
2) back SecureBoot (done)
3) make sure all UEFI BIOSes incorporate SecureBoot (done)
3) strike deal with ARM manufacturers so their SecureBoot BIOS only boots Windows (almost there)
4) strike deal with desktop OEMs so that their SecureBoot BIOS only boots Windows (pending)
5) strike deal with desktop motherboard manufacturers so that their SecureBoot BIOS only boots Windows (pending)
6) strike deal with server OEMs so that their SecureBoot BIOS only boots Windows (pending)
7) strike deal with desktop motherboard manufacturers so that their SecureBoot BIOS only boots Windows (pending)
8) 99.9% of all "PC" and related servers now only boot Microsoft products.

Have they considered it? Probably.
Is it practical? No.
Could it be practical as far as step 4? Yes, possibly even step 5.

It starts to break down on the server market. Then there would be the inevitable legal hurdles such a strategy would entail and the costs involved. Another very practical obstacle to trying to implement such a plan beyond the OEM desktop.

PhoenixAndThor 07-24-2012 03:05 PM

NyteOwl, your step 7 is redundant. If it ever gets as bad as all new desktop motherboards being pre-locked to Windows, then vendors like System76 are going to have a lot more customers. I know that we Linux/BSD/other OS users only make up a small percentage of the desktop market, but there are enough of us around to where such a thing will not be possible.

Also, since most web servers run something other than Windows, I really can't see any server motherboard manufacturers implementing the secure boot crap. In my opinion, the SecureBoot/RestrictedBoot crap really isn't necessary to begin with. It's just another way for MS to make money without actually making a product.

sundialsvcs 07-24-2012 04:46 PM

Also, NyteOwl, there is a bit of practical reality here. If "99.9% of all servers now must boot Microsoft products," then a very significant percentage of those servers have just become ... unmarketable!

Linux, BSD, and several other "non-Microsoft" operating systems are, and always will remain, "legitimate and necessary operating systems" that there is, and always will be, a fundamental requirement to be able to run. And, to run with "secure boot" capability. (In other words, "if I have a legitimate business need for secure boot ... and I do ... then I have that need, regardless of which particular operating system I am talking about.")

Walk into any server-farm on the planet, and it is extremely likely that you are looking at machines, side-by-side with one another, that are running many different operating systems (and versions thereof). The need to be able to guarantee that a bored (or clandestine) computer operator cannot hijack a system by rebooting it from an unauthorized DVD-ROM at 2:30 in the morning is a very legitimate business concern which actually has nothing at all to do with "Microsoft" or "Windows."

There are laws coming down, in all sorts of businesses including but not limited to health-care, that say that you must be able to guarantee this. And time is running out to prove compliance.

onebuck 07-27-2012 07:45 AM

Fedora Linux Moves Forward with UEFI Secure Boot Plans
 
Hi,

Fedora Linux Moves Forward with UEFI Secure Boot Plans announcement article with some helpful information.

brianL 07-27-2012 07:58 AM

OpenBSD's de Raadt slams Red Hat, Canonical over 'secure' boot

onebuck 07-27-2012 09:37 AM

Member Response
 
Hi,

brianL, too much misinformation by the commentators to the article. Both articles are helpful and do reveal the on-coming issues for some hardware vendors that stick/set the secure boot. Most still provide the means for a BIOS compatibility but when will that no longer be available?

People do not understand that 'UEFI' & 'Secure Boot' are different animals. 'UEFI' is a protocol that does provide the provision for 'Secure Boot' protocol for hardware.

UEFI Today: Bootstrapping the Continuum is a good paper with useful information. Be sure to download and read: UEFI and the OEM and IHV Community

brianL 07-27-2012 10:06 AM

I'm still not convinced. I still regard Secure Boot as a potential threat, interfering with people's rights to install whatever operating-systems/distros/software on whatever hardware they want.

TobiSGD 07-27-2012 10:10 AM

Quote:

Originally Posted by brianL (Post 4739434)
I'm still not convinced. I still regard Secure Boot as a potential threat, interfering with people's rights to install whatever operating-systems/distros/software on whatever hardware they want.

If you don't like it, disable it. Simple as that.

brianL 07-27-2012 10:15 AM

Yeah, but are you sure you will be able to do that on all hardware? Or will you possibly be limited in choice?

TobiSGD 07-27-2012 10:18 AM

Quote:

Originally Posted by brianL (Post 4739445)
Yeah, but are you sure you will be able to do that?

Yes. All you have to do is to buy a motherboard/PC with the Windows 8 logo, then you must be able to do that. Otherwise they wouldn't have the logo.

brianL 07-27-2012 10:50 AM

Windows 8 logo? Why not some new logo, independent of any individual company? You might be willing to trust Microsoft, but I wouldn't. It could all end up as restrictive as their EULAs.

TobiSGD 07-27-2012 10:55 AM

Quote:

Originally Posted by brianL (Post 4739471)
Windows 8 logo? Why not some new logo, independent of any individual company?

Because nobody would care for such a logo. Microsoft is the biggest fish in the pool, so the hardware manufacturers will use their logo.

The requirements for the Windows 8 logo for x86 hardware clearly state that it must be possible to deactivate Secure Boot and to add your own keys if you don't want to disable it.
It may sound ironical and somewhat odd for a Linux user, but buying Windows 8 hardware is in this case the only way to go to make sure that Secure Boot actually will not prevent you from installing the OS of your choice.
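
One way to check, on a running Linux system, the two things the post above mentions: whether Secure Boot is currently on, and whether the firmware is in Setup Mode (no Platform Key enrolled, so your own keys can be installed). This is an added example, not part of the original thread; the function names and the constructed sample directory are hypothetical, and efivarfs is assumed to be mounted at its usual path.

```python
import os
import struct
import tempfile

# Vendor GUID of the UEFI global variables (SecureBoot, SetupMode, ...).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"  # assumed mount point of efivarfs


def read_efi_byte(name, efivars_dir=EFIVARS):
    """Return the one-byte value of a global EFI variable, or None.

    An efivarfs file is a 4-byte little-endian attribute word followed
    by the variable data, so the value is the fifth byte.
    """
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except (FileNotFoundError, PermissionError):
        return None
    if len(raw) < 5:
        return None  # truncated or malformed entry
    return raw[4]


def secure_boot_state(efivars_dir=EFIVARS):
    """Classify the firmware state from the SecureBoot and SetupMode variables."""
    if not os.path.isdir(efivars_dir):
        return "no-uefi"  # legacy BIOS/CSM boot, or efivarfs not mounted
    secure = read_efi_byte("SecureBoot", efivars_dir)
    setup = read_efi_byte("SetupMode", efivars_dir)
    if secure is None:
        return "unsupported"  # UEFI firmware without Secure Boot variables
    if setup == 1:
        return "setup-mode"  # no Platform Key enrolled; own keys can be added
    return "enabled" if secure == 1 else "disabled"


def make_sample(secure, setup):
    """Build a constructed efivarfs-like directory (sample data, not a real dump)."""
    d = tempfile.mkdtemp()
    for name, val in (("SecureBoot", secure), ("SetupMode", setup)):
        with open(os.path.join(d, f"{name}-{EFI_GLOBAL}"), "wb") as fh:
            fh.write(struct.pack("<I", 0x6) + bytes([val]))  # attrs: BS|RT
    return d


if __name__ == "__main__":
    print("this machine:      ", secure_boot_state())
    print("constructed sample:", secure_boot_state(make_sample(1, 0)))
```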

brianL 07-27-2012 11:05 AM

Quote:

Originally Posted by TobiSGD (Post 4739477)
Microsoft is the biggest fish in the pool

Yeah. Great White shark. :) Do you really want to swim with them?

Quote:

Originally Posted by TobiSGD (Post 4739477)
It may sound ironical and somewhat odd

Not to mention downright suspicious, and against GNU/Linux principles.


All times are GMT -5.